add crowdsec

2026-05-29 15:35:59 +00:00 · 2026-05-10 00:07:06 +04:00
parent 54e3854c0d
commit e11b03ebaf
20 changed files with 376 additions and 57 deletions
@@ -0,0 +1,13 @@
+type: leaky
+name: aykhans/stalwart-auth-bruteforce
+description: Detect SMTP/IMAP/POP3 authentication brute force on Stalwart
+filter: |
+  evt.Parsed.event_type == "auth.failed"
+groupby: evt.Meta.source_ip
+capacity: 3
+leakspeed: 10m
+blackhole: 1h
+labels:
+  type: bruteforce
+  service: stalwart
+  remediation: true